33 Comments
-1 Votes
Moderator
Are you advocating that in order to not be targeted by hacktivist groups, we
should give them "Lulz"? Isn't that what kept the Chicago gangsters of the
1920s and 30s in power? Store owners "paying insurance"?
How does this equate to being a good internet citizen?
If we follow this line of thinking, then criminals, regardless of the field of crime,
dictate to us how we live our lives. Don't say anything derogatory about
car thieves or they'll steal your car. Keep your mouth shut about mass-murderers
or you could be the next victim. Don't tick off a hacktivist online group or your
site could be targeted.
Sorry, but this doesn't sit too well with many. Anti-social behaviour that can result
in harm to people is not something to be ignored, and sticking your head in the
sand doesn't make the criminals disappear.
If I misinterpreted your post, I apologize. However, since you claim to be involved
in IT security, it sounds like you are proposing to just forget about your security
and pay your internet security insurance payment to the gang boss.
Is the first, most important, perhaps the only lesson in martial art and practice:

"Don't be there".
0 Votes
Ready
santeewelding Updated - 4th Jul 2011
To play catch-up, a potentially losing proposition, per Lesson #2:

"Accept death".
0 Votes
Moderator
Death is the inevitable endpoint of life. So the question becomes:
how do you live your life, as a celebration or in mourning?

Anyhow, Chad seems to be espousing the position that to not be a
target of these groups, don't piss them off. Sounds easy, but in
reality it is not so simple. What if you have used some business
online, they have your personal data, and the business ticks off
some wannabe... do we just accept that it's "OK" and normal
operating risks that the wannabe hacks into the business' database
and steals our data along with a million other accounts? I'm not
ready to do that.
It would be tantamount to not doing anything in the hypothetical case
of, let's say, someone buys a new Lexus auto, and the auto turns out
to be junk. Instead of dealing with Lexus in a reasonable manner,
the purchaser instead decides to go the dealership and steal all the
keys to the other new Lexus autos, and places those keys in public
places where they possibly could be found and used to drive off with
a new Lexus. In Chad's post, this thief should be hailed as a hero for
exposing some issue with Lexus autos, maybe even rewarded with all
kinds of goodies. Is this the way we should do business "online"?
We as a society do not condone this behaviour "offline", so why
should we accept it online?
-1 Votes
Two points
santeewelding 4th Jul 2011
One being death as "endpoint". Acceptance means no beginning or end to death. Thou art only that: alive to death.

Two being your handling of pronouns you, your, we, our; first-person, I; the verb, to be; and the hilarious one, reality. Comes to pass, I think, over your confusion with Point One, about being.

The other stuff, between the pronouns, I may safely ignore as unfounded ethic, grasshopper.
1 Vote
Moderator
What is "unfounded ethic"? You may not hold the same ethic
as someone else, but those ethics are just as founded.
Ignore them or not, it is your choice and right. Even as others
have the choice and right to hold them or another ethic.
0 Votes
What I see is two things:

1. You ignore the fact that this article is about a very specific case of avoiding being a target, where the case is that of someone who targets only "bad" people.

2. You blow every perceived error way the hell out of proportion, ultimately inflating it to the point that it no longer even marginally resembles the original point.

. . . and to that kind of "argument", I have no answer, because its premises are irrelevant and misleading.
-1 Votes
"In all of your critiques..."

I would have blown that ill practice into proportions of cosmic inflation, with utterly no margin.

Like what I'm tempted to do with your "irrelevant" and "misleading", which owe to ethic founded on the asinine.
If these issues exist then you may be "there" but you sure as heck are not ready.

If you show up to a sword duel, bring your sword.
3 Votes
I'm not Chad
JamesRL 4th Jul 2011
But I didn't interpret his article that way.

I think what he is suggesting is that companies pay more attention to their public perception and avoid making serious PR blunders which may bring the company to the attention of hacktivist groups. Don't put rootkits on the CDs that you send out. Because no matter how prepared you are for cyber attacks, a group of motivated hacktivists is probably going to find your vulnerabilities before you do, and hope to embarrass you.

I read this book and met this author 9 years ago, and much of what he has predicted has come true:
http://www.amazon.com/World-Without-Secrets-Ubiquitous-Computing/dp/0471218162
We are moving towards a world without secrets.
I think he's saying that the problem is not all black and white -- the crackers aren't completely evil and the corporations are far from completely innocent. I think he advocates understanding the complexities of the relationships and to master not only your would-be enemies but more importantly yourself.
To quote Chad's summarization:
"While it is certainly less than noble to let a criminal organization dictate how one behaves through fear of the consequences, you may want to stop and ask yourself one question before dismissing the idea that you could conceivably avoid becoming a target by avoiding actions that tick off people like LulzSec and Anonymous security crackers:

Is making myself less of a target really any different than just trying to be a good Internet citizen?"

This is the part I'm having a bit of difficulty understanding. How does appeasing
a criminal organization make you a "good Internet citizen"? Isn't this exactly
what the various shopkeepers and storeowners of "gangland Chicago" did?
Yes, it could be argued that those businesses profited a bit, but what was the
cost? I understand that the times were different, and public opinion of a variety
of mobster/gangster/criminals was not black and white; it still isn't. But
did allowing the corruption and criminal activity result in a better environment
to conduct business, or did business grow and prosper more when the shadow
of mobster protection rackets was largely eliminated?
Would internet commerce prosper if the criminal elements were deterred?
Or do we continue to maintain a low profile and hope we don't anger the
mob bosses to the point they throw a digital bomb through our ecommerce
storefronts? What happens when the next LulzSec and Anonymous gangs decide
to step up their "enforcement" and demand we pay our "insurance"?
2 Votes
simple enough
apotheon Updated - 5th Jul 2011
> This is the part I'm having a bit of difficulty understanding.

What's so difficult to understand?

You, for some hypothetical definition of "you", are considering how to deal with the possibility of being targeted by a hacktivist group. You consider the motives of this group, which involve "punishing" those who behave in a particular way. You ask yourself "Would making myself less of a target by ceasing to behave a way that would draw the ire of this group equate to being a good Internet citizen?"

If the answer is "Yes, it would just equate to being a good Internet citizen," then there's no shame in making such a change in your behavior, and you should do so -- both to be a better person yourself, and to avoid the ire of those who might otherwise do some real damage to your business.

If the answer is "No, it would not equate to being a good Internet citizen," then maybe you should not change your behavior.

I (for I am Chad, if this was not obvious to you) did not say you should always cave in to the implicit demands of malicious security crackers. I said you should ask yourself a question. Your response to this seems to be that no, you should not even ask the question, that you should in fact continue to behave in a way such hacktivists don't like precisely because they don't like it -- that you should perhaps stubbornly be a bad Internet citizen just because someone else who may be a bad Internet citizen doesn't like it. That's asinine, spiteful, counterproductive, and frankly vile.

Hell, you're basically equating Sony -- pretty much a "criminal element" in its own right -- with a shopkeeper who is being intimidated into paying protection money. The truth of the matter is that Sony is more like a mafia family being targeted by destructive vigilantes in this case. Get your analogies right before trying to use them to undermine my arguments, please.
"If I misinterpreted your post, I apologize."

There...sheesh...as for me equating Sony with a small shopkeeper, no,
I didn't say anything of the sort. I'm merely looking at possibilities not
only for the immediate future, but long-range.

Oh, I know your nickname as well. I read your security blogs to get ideas
on securing my systems. I do not mean any disrespect, and if it appears
that way, then again, I apologize. I'm still curious as to the "what if"
scenario, but since at the moment my internet presence is very limited
as far as my systems go, I'll be safe with my low profile. The collateral
damage from hacktivists attacking larger sites may be concerning, but
I still do very little online commerce.
0 Votes
nice
apotheon 4th Jul 2011
Best title EVAR!!!!11!!!!1oneone!

That made me do the wheezy-laugh. Thanks, Sterling.
3 Votes
You nailed it
Alpha_Dog 4th Jul 2011
Simply put, the issue is not black and white at all, but rather shades of grey. Hacktivist groups create an arbitrary threshold where you are safe from reprisals unless you cross their line.

This "crossing" may not be an act of will, but rather a function of a moving value system. Today the line is covering up global warming. Tomorrow it's allowing your employees to eat beef on their breaks. No one is truly safe with a moving target like this, but some industries are perceived as more "evil" than others.

The thing that upsets me is that an admin who should know better has either dropped the ball, allowing known exploits to be used against systems entrusted to their care, or the higher ups have not allowed them to solve the issues. When a script kiddie exploits them with these vulnerabilities, the executives and legal will want their pound of flesh and may get it when the bored 8-year-old gets caught, but the people who could have prevented it with a little effort and time walk away scot-free.
I didn't read it as "cower and pay your protection racket fee." It was more a "fix your business" kind of thing.

If your business practices are predatory and consumer hostile, expect to draw the attention of some sort of group. Maybe it's activists online, maybe it's activists on the street... someone will take notice.

If info system management practices are irresponsible, expect to be broken into easily. Don't fix your SQL injection vulnerabilities because some group threatened you, fix them because they shouldn't be in a properly coded and maintained database. Encrypt customer data because it's the better way to store it; cleartext user data is downright negligent. No firewall on your servers, not keeping your software up to date with the latest patches? If you're storing customer information, that has to fall into the criminally negligent category.

Anonymous and Lulzsec may have demonstrated these issues with sensationalized headlines but the issues existed and were being exploited long before public attention was drawn to them.
0 Votes
Display of skill
bboyd@... Updated - 5th Jul 2011
Maybe if you run an IT-based company like these you can demonstrate your business skill and acumen by getting free advertising by being compromised and newsworthy.

/sarcasm ON
2 Votes
You know...
Alpha_Dog 5th Jul 2011
You might just have something here. If the stock price is already dipping, a little pity may arrest the freefall and cloud the real issue of why the company is having issues in the first place. Take a few of these hits, pop the golden parachute and update the resume. Lather, rinse, repeat.

Too bad we're too dang honest to play that game. Instead we're the IT folks left holding the bag. How much does an IT person trust their company? Easy way to tell is IMAP or POP3. Are they willing to lose the ability to pick up emails anywhere in order to have a permanent local record?
3 Votes
now.. if only there was some large tech company getting a lot of free advertising for being breached lately... grin
Hmmm... I think you misread this article completely.

What I got from Chad's article is this... if your business is doing dishonest and harmful things like installing root-kits on your customers' computers, using personal information in a manner that most customers would disapprove of, using unfair and unethical business practices, etc... (even if your company's activities are technically legal) then you will draw the ire of hacktivist groups (read between the lines here... maybe you deserve to as well).

So don't participate in these unethical business practices and you are much less likely to be targeted!

Wizard, your arguments, within the context of Chad's article, remind me of those who condemned the activities of Black Panthers in the 60s for their illegal activities on behalf of ending segregation and combating the institutional racism that had been immorally but legally imposed. We might not agree with all the actions taken by the Black Panthers and some members were undoubtedly only involved for the purpose of being violent, however, they wouldn't have existed if the "system" hadn't been so corrupt in the first place.
5 Votes
If you can be perceived as doing something nefarious, even if you are not, you will likely be a target for a hacktivist group eventually. One may forestall this by having a boy scout image, but eventually good press will run out. You should prepare for an organized attack in addition to your normal efforts.

If your data is sensitive (HIPAA, Comsec, PCI-DSS, or embarrassing pictures), you can eliminate a lot of grief by a very simple practice: until and unless you need to, DON'T PUT IT ON THE NET!

The classic attacks in current use are old standbys. If you are vulnerable to SQL injection attacks, this is something you need to tighten up anyway. In most cases it is a sign of a lazy coder or dba and in these cases the resolution will be simple but likely not cheap or transparent to the business process.

DDoS attacks are harder to shield against, but a high majority can be resolved by good firewall rules. Many times, the organization's infrastructure is the one clogging the works with their response to malformed packets, pings, ARPs, and fraudulent HTTP requests. Use a good firewall and block (log, no response) these and you will be able to handle a much higher volume of attacks. If you don't, the jerk on the other end can get your own servers and firewall to play that sophomoric game of "quit hitting yourself" until he gets tired.

These are all things we should be doing anyway. Practice good and open business practices. Lock down your firewall. Make your mission critical systems secure against known attacks. Keep anything sensitive on servers which are in some way isolated (the level of this dependent upon the sensitivity of the data). Finally, do good deeds for your clients and your community.
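To make the SQL injection point above concrete (it is also the one made a few posts earlier about fixing injection because it "shouldn't be in a properly coded database"), here is an added example written for this page, not code from the article or any poster: the same customer lookup in its concatenated form and its parameterized form, run against a constructed in-memory sqlite3 table with made-up names.

```python
import sqlite3


def make_db():
    """Constructed sample store standing in for a web shop's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("o'brien", "obrien@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The lazy-coder pattern: the caller's string is spliced straight into the SQL text."""
    query = f"SELECT username, email FROM customers WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn, username):
    """Parameterized query: the driver binds the value, so input can only ever be data."""
    return conn.execute(
        "SELECT username, email FROM customers WHERE username = ?", (username,)
    ).fetchall()


def compare(username):
    """Run both lookups on the same input and report what each returned (or raised)."""
    conn = make_db()
    try:
        vulnerable = lookup_vulnerable(conn, username)
    except sqlite3.Error as exc:  # the concatenated query is not even syntactically sound
        vulnerable = f"error: {exc}"
    fixed = lookup_fixed(conn, username)
    return {"vulnerable": vulnerable, "fixed": fixed}


if __name__ == "__main__":
    # An honest customer whose name contains a quote breaks the concatenated query outright,
    # which is the same symptom that tells an attacker the field is injectable.
    print(compare("o'brien"))
    # The textbook tautology: the vulnerable lookup returns every row; the fixed one returns none.
    print(compare("x' OR '1'='1"))
```

The fix costs one line per query, which is why the post above calls the resolution "simple"; the expensive part is finding every place the concatenation pattern was used.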
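For the "block (log, no response)" firewall advice in the same post, here is an added nftables ruleset sketch written for this page (not the poster's configuration); interface names, ports and log prefixes are assumptions. It drops rather than rejects, so the box never generates the reply traffic the post warns about, and it rate-limits the logging so the log itself cannot become the bottleneck during a flood. ARP is not covered here because the inet family does not see it.

```nftables
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and replies to connections this host opened itself.
        iif "lo" accept
        ct state established,related accept

        # Malformed or out-of-state packets: sampled log line, then silent drop.
        ct state invalid limit rate 10/second log prefix "fw-invalid: "
        ct state invalid drop

        # Pings: log a sample, then drop rather than answer.
        icmp type echo-request limit rate 5/second log prefix "fw-ping: "
        icmp type echo-request drop

        # Only the services the business actually needs (assumed: a web front end).
        tcp dport { 80, 443 } ct state new accept

        # Everything else: sampled log line, then the chain policy drops with no response.
        limit rate 10/second log prefix "fw-drop: "
    }
}
```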
5 Votes
I had someone say that the other day and I'm still shaking my head in amazement. Not "availability does not indicate security" but "availability is not a security concern" in reference to DDoS attacks not being a security issue.

It's good to know I'm not alone in thinking that ignoring DDoS as a security concern is madness.
3 Votes
Well duh!
Alpha_Dog 4th Jul 2011
What's the purpose of a DDoS? To shut down a site and possibly crash something into revealing some secrets... kinda like tripping grandma to see her knickers and grab the change she drops. Pitiful really, but we need to prepare for this as much as any other attack if not more, considering the prevalence.
2 Votes
indeed
apotheon 4th Jul 2011
The next time someone says that availability is not a security concern, ask him how he'd feel if someone made his lungs unavailable to him.
5 Votes
We (the big we, not anyone here) expect things to just magically work and be there anytime we want with no commitment in the form of time or money. To be blunt, I'm not sure how to fix this larger issue of the typical corporate behavior:
1. expect the moon
2. ignore the issues and responsibilities
3. go for blood if someone demonstrates how incompetent you are.
1 Vote
Good/Bad? Internet Citizens
AZ_IT Updated - 5th Jul 2011
Wow, we seem to be assuming that there is some standard definition of what a good internet citizen vs. what a bad internet citizen is. While hacktivism, like terrorism, may be seen as both good and bad depending on what your perspective is or which group you support, stealing customer data from any organization and posting it online for everyone to use or abuse hurts first and foremost the little guy. Sure the corporation loses reputation and brownie points but does it make their products any less used? Slightly if at all, especially in the case of Sony. How many thirteen year-olds will boycott Playstation because of lax security regarding user data?

The idea that hacktivist groups are noble is laughable. Robin Hood is considered noble in that he robbed from the rich and gave to the poor. Hacktivists steal the personal details of the poor from large corporations and post them on the internet. Is that noble? If your beef is with the corporation or government go after that entity not John Doe from Omaha and a hundred thousand like him who just happen to enjoy Playstation when they have some downtime.

I'm not supporting or condoning Sony's business practices but I am most definitely speaking out against hurting the little guy in the hopes of embarrassing the big guy. Is putting a rootkit on a CD that 100,000 people buy any better than putting a rootkit or botnet on 100,000 people's computers in order to target an organization with a DoS attack? Any hacktivist that hurts the little guys is not noble; they are merely changing the oppressor from corporation A or government B to hacktivism group C. Noble indeed.

*edited to improve readability
2 Votes
Noble?
apotheon Updated - 5th Jul 2011
> stealing customer data from any organization and posting it online for everyone to use or abuse hurts first and foremost the little guy. Sure the corporation loses reputation and brownie points but does it make their products any less used? Slightly if at all, especially in the case of Sony.

This is an argument about the effectiveness of the hacktivists' methods, which is not even a topic addressed by the article, so I'm not sure how that's relevant in this case.

All in all, your commentary seems to suggest that you think the article casts the hacktivists in question in the role of "hero", but it does not. As such, it's kind of a strange comment to make, in this context.
3 Votes
If you look like prey, you will be eaten - Clint Smith
If you don't attract attention you will be overlooked.
If you get looked at anyway, look like a hard target, and don't give the looker any reason to keep trying.
3 Votes
Yes!
Alpha_Dog 5th Jul 2011
That is it in a nutshell. Now, let's talk specific applications.

"If you look like prey, you will be eaten - Clint Smith"
Quite true. Don't make yourself a target by engaging in business practices you really shouldn't.

"If you don't attract attention you will be overlooked."
It goes back to the ethical conduct. No one is going to hit Doctors without Borders (if they do they will make my list) because they do good works. Bank of America or the CIA? Not so much.

"If you get looked at anyway, look like a hard target, and don't give the looker any reason to keep trying."
Yep. Lock it down. Tiger team your network. Fix the issues you find. Do it again until you come up clean. The best result is if you can make like a hole in the water in all ways except the ports you need open, and these must be restricted to the type of request expected or solicited.

Follow this advice and hacktivist groups will either have no interest, not find you, or choose to move to greener pastures.
I recommend Anonymous and Lulzsec to try to hack Russian state owned companies such as Gazprom or other major companies. I wonder how many lulz they will enjoy before the bitter end.
Or better yet try to infiltrate FSB, that will ensure tons of lulz for the rest of us.
...but Russia has a very effective response to cyber-warfare. Just ask Georgia.